Posts tagged as:

Zlob

Zlob attack on Wireless Routers

by certifiedbug on June 11, 2008

in Internet Security

Brian Krebs reports for the Washinton Post.
Malware Silently Alters Wireless Router Settings

Philip Sloss, a software engineer for myNetwatchman.com, said he first observed the activity while examining a Zlob variant distributed on May 22. The DNS hijack occurs, he said, during the installer program, so by the time the user sees the fake codec installer screen, the malware has already attempted to change DNS settings on the victim’s router.

I reached out to researchers at Sunbelt Software to check Sloss’s data, and Sunbelt was able to confirm that the malware successfully changed the DNS settings on a Linksys router (model BEFSX41), pulled straight out of the factory box (with the default username and password). Another test showed that the Zlob variant successfully changed the DNS settings on a Buffalo router running the DD-WRT open source firmware.

Sunbelt also found that if there are multiple machines using the same router, all of the systems connected to that router will have their traffic hijacked.

Article

{ 0 comments }

AntiSpyCheck Rogue Security Program

by certifiedbug on June 11, 2008

in Scareware Rogues

The latest rogue installed through the Zlob Trojan.

How to remove AntiSpyCheck

If you have an infected computer and would feel more comfortable being assisted by a trained malware remover helper, please start a topic at one of the forums. Short but trusted list in the right hand column.

Certifiedbug: Fake Security Programs

{ 2 comments }

VirusHeat Rogue antispyware program

February 8, 2008

VirusHeat. Can’t say it enough, Rogue!
VirusHeat is installed on your computer when you download and install a Trojan masquerading as a video or audio codec required to view a movie on the Internet. These fake codecs are know as Zlob Trojans. Once you install these programs, though, they install VirusHeat onto your computer along [...]

Read the full article →

VirusRay latest Zlob Rogue antispyware program

October 23, 2007

The Zlob Trojan Downloader typically poses as audio or video codecs, required to be installed on your computer so you can watch or listen to certain media.
VirusRay is just the latest infection that downloads and installs rogue anti-spyware programs and displays fake security alerts in your Windows taskbar.
When the Zlob infection downloads and installs VirusRay, [...]

Read the full article →

Fake Security Programs

April 28, 2007

There are many Rogue antispyware programs, some of which will actually infect your machine rather than clean it. Or at the least, prove useless.
Countless victims seen in the help forums are infected by the Zlob trojan, which poses as a codec (compressor/decompressor) needed to view a video, often downloaded from websites with adult content.
Zlob installs [...]

Read the full article →

VirusRescue added to Rogue Anti-Spyware List

August 21, 2006

VirusRescue has been noticed by the security community and gained itself a spot on the Rogue/Suspect Anti-Spyware Products & Web Sites list
Most recent additions: AntiSpyware Soldier (8-21-06), VirusRescue (8-21-06), VirusBlast (8-1-06), Spyware Removal Wizard (8-1-06), Easy SpyRemover (8-1-06), 1-2-3 Spyware Free (8-1-06), AdwareFinder (7-8-06), SpyHeal (7-8-06), Xmembytes AntiSpyware (6-13-06), TitanShield AntiSpyware (6-13-06), Trust Cleaner (6-13-06), [...]

Read the full article →